Is China Spying on The UK?
Some believe the British Olympic canoeing team was a target of Chinese hackers. Plus: data center goes kablooey; Trojan nabs banking info; more
Accusations are flying around against the Chinese, who some believe have been
trying to obtain performance data on the U.K. Olympic canoeing team. All this
based on the "fact" that attack attempts were traced back to IP originating
from Chinese address spaces. (Read the UPI story here
Both the assertion the attacks were made by Chinese and the belief the criminals
were trying to obtain performance data on the team are assumptions. But it's
fashionable to say that Chinese hackers are trying to steal information these
days, so the story reads as such. Why else would anyone hack the U.K. Olympic
canoeing team's site? It's certainly not for the sake of getting another
compromised server to abuse -- no, that couldn't be possible at all. Lest
we all forget, one of the oldest "hacker" moves involves hopping through
compromised servers in order to cover a criminal's tracks.
Guilty: CA Data Center Time Bomber
Lonnie Charles Denison, a 33-year-old contract Unix administrator in northern
California, has pled guilty to attempted damage of an energy facility after
hitting the "big switch" and shutting down a data center. It took
some seven hours and 20 people to fully restore operation at the facility. Denison
also sent an e-mail the day following the shutdown, claiming he planted a bomb.
The actions were a result of his discovering that he'd been denied system access.
(Read the story at The Register here.)
Firing someone is more complex than many realize, and timing is -- as this
story points out clearly -- very important. Get the employee away from systems,
then revoke access, and only then escort that person out of the facility. Never
fire anyone until you're certain you know all of the access methods possible
and, even so, you should also have complete control over those methods.
Making Bank Transfers with Trojans
According to this
ComputerWorld report, a group of criminals have crafted a Trojan
which attempts to mimic the steps a human would take to transfer funds from
a commercial bank account to accounts controlled by the criminals. The Trojan
is offered to individuals culled from earlier phishing attempts and, in particular,
those individuals that have been identified as having a commercial account.
The group sent e-mails specific to the banks of those in this smaller group
of potential victims, in an attempt to get the new Trojan installed. The new
Trojan waits for the victim to connect to his or her bank site, and then automates
tasks the victim might do themselves while the victim is on the site.
Clearly the criminals are aware of some of the anti-fraud measures in place
at some banks and are modifying their Trojans so that it actually avoids alerting
everyone on the list. Even with this new approach and its ability to avoid some
anti-fraud measures, the Trojan relies first and foremost upon victims falling
for their phishing attempt that installs the Trojan. It's amazingly simple to
teach people how to avoid phishing. If you ever receive an e-mail that tries
to inform you of any sort of problem or issue related to your relationship with
that party, just ignore it. If there truly is an issue, you'll get a phone
Hackers Harvest Data from Facebook
Facebook has named the individuals it cited in a lawsuit filed in June 7007,
in which three individuals and a company, Slickcash.com, have been accused of
unlawfully accessing Facebook servers in an attempt to harvest information from
Facebook user profiles. The article
from TechNewsWorld.com makes no mention of what the hackers hoped
to achieve by such harvesting.
It should be made clear to everyone that data stored on such sites is not only
potentially dangerous, but could also haunt individuals for many years to come.
The likes, dislikes, quirks and off-the-top-of-the-head feelings are often posted
hourly. All of this information is eventually cached and stored and may be perused
for who knows what reasons for who knows how long ... it's best to assume that
all that data will live forever somewhere on the Internet. Be it stalking or
merely an effort to create a clearer picture to a human resources person who's
thinking about hiring you, the information may be more than you ever imagined
others might have read.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.